Hackers steal $400k worth of NFTs from Premint
2022.07.19 20:58
Hackers steal $400k worth of NFTs from Premint
Over the weekend, popular NFT platform Premint became the latest victim of a security breach, leading to the loss of over 300 NFTs, including collectibles from Bored Ape Yacht Club, Otherside, and Goblintown.
According to available information, the attacker was able to swindle unsuspecting users after adding a malicious JS file on Premint’s website. The affected users reportedly received a pop-up message prompting them to confirm the ownership of their wallets. The message also urged users to enable a “SetApprovalForAll” feature in their wallets, and those who clicked the said link unknowingly gave the hacker access to steal the NFTs in their wallets.
Blockchain security company Certik reportedthat the hacker(s) stole 314 NFTs, valued at around $400,000. Meanwhile, Premint confirmed the incident, noting that only a “relatively small number of users” were affected. The team goes on to state that it had identified four wallets linked to the attack from Etherscan data.
We are actively working to get a full list of wallets that had assets taken from them.These are the wallets that Etherscan have flagged for stealing assets. -https://t.co/l3yEk2tUDs – https://t.co/wdo7sJMia1- https://t.co/8bBEgpKupN- https://t.co/iY4tna437S
— PREMINT | NFT Access List Tool (@PREMINT_NFT) July 17, 2022
Surprisingly, the attack happened hours after Premint warned its customers not to “sign any transactions that say set approvals for all!”
